1 //===-- sanitizer_mac.cpp -------------------------------------------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // This file is shared between various sanitizers' runtime libraries and 10 // implements OSX-specific functions. 11 //===----------------------------------------------------------------------===// 12 13 #include "sanitizer_platform.h" 14 #if SANITIZER_MAC 15 #include "sanitizer_mac.h" 16 #include "interception/interception.h" 17 18 // Use 64-bit inodes in file operations. ASan does not support OS X 10.5, so 19 // the clients will most certainly use 64-bit ones as well. 20 #ifndef _DARWIN_USE_64_BIT_INODE 21 #define _DARWIN_USE_64_BIT_INODE 1 22 #endif 23 #include <stdio.h> 24 25 #include "sanitizer_common.h" 26 #include "sanitizer_file.h" 27 #include "sanitizer_flags.h" 28 #include "sanitizer_internal_defs.h" 29 #include "sanitizer_libc.h" 30 #include "sanitizer_platform_limits_posix.h" 31 #include "sanitizer_procmaps.h" 32 #include "sanitizer_ptrauth.h" 33 34 #if !SANITIZER_IOS 35 #include <crt_externs.h> // for _NSGetEnviron 36 #else 37 extern char **environ; 38 #endif 39 40 #if defined(__has_include) && __has_include(<os/trace.h>) 41 #define SANITIZER_OS_TRACE 1 42 #include <os/trace.h> 43 #else 44 #define SANITIZER_OS_TRACE 0 45 #endif 46 47 // import new crash reporting api 48 #if defined(__has_include) && __has_include(<CrashReporterClient.h>) 49 #define HAVE_CRASHREPORTERCLIENT_H 1 50 #include <CrashReporterClient.h> 51 #else 52 #define HAVE_CRASHREPORTERCLIENT_H 0 53 #endif 54 55 #if !SANITIZER_IOS 56 #include <crt_externs.h> // for _NSGetArgv and _NSGetEnviron 57 #else 58 extern "C" { 59 extern char ***_NSGetArgv(void); 60 } 61 #endif 62 63 #include <asl.h> 64 #include <dlfcn.h> // for dladdr() 65 #include <errno.h> 66 #include <fcntl.h> 67 #include <libkern/OSAtomic.h> 68 #include <mach-o/dyld.h> 69 #include <mach/mach.h> 70 #include <mach/mach_time.h> 71 #include <mach/vm_statistics.h> 72 #include <malloc/malloc.h> 73 #include <os/log.h> 74 #include <pthread.h> 75 #include <sched.h> 76 #include <signal.h> 77 #include <spawn.h> 78 #include <stdlib.h> 79 #include <sys/ioctl.h> 80 #include <sys/mman.h> 81 #include <sys/resource.h> 82 #include <sys/stat.h> 83 #include <sys/sysctl.h> 84 #include <sys/types.h> 85 #include <sys/wait.h> 86 #include <unistd.h> 87 #include <util.h> 88 89 // From <crt_externs.h>, but we don't have that file on iOS. 90 extern "C" { 91 extern char ***_NSGetArgv(void); 92 extern char ***_NSGetEnviron(void); 93 } 94 95 // From <mach/mach_vm.h>, but we don't have that file on iOS. 96 extern "C" { 97 extern kern_return_t mach_vm_region_recurse( 98 vm_map_t target_task, 99 mach_vm_address_t *address, 100 mach_vm_size_t *size, 101 natural_t *nesting_depth, 102 vm_region_recurse_info_t info, 103 mach_msg_type_number_t *infoCnt); 104 } 105 106 namespace __sanitizer { 107 108 #include "sanitizer_syscall_generic.inc" 109 110 // Direct syscalls, don't call libmalloc hooks (but not available on 10.6). 111 extern "C" void *__mmap(void *addr, size_t len, int prot, int flags, int fildes, 112 off_t off) SANITIZER_WEAK_ATTRIBUTE; 113 extern "C" int __munmap(void *, size_t) SANITIZER_WEAK_ATTRIBUTE; 114 115 // ---------------------- sanitizer_libc.h 116 117 // From <mach/vm_statistics.h>, but not on older OSs. 118 #ifndef VM_MEMORY_SANITIZER 119 #define VM_MEMORY_SANITIZER 99 120 #endif 121 122 // XNU on Darwin provides a mmap flag that optimizes allocation/deallocation of 123 // giant memory regions (i.e. shadow memory regions). 124 #define kXnuFastMmapFd 0x4 125 static size_t kXnuFastMmapThreshold = 2 << 30; // 2 GB 126 static bool use_xnu_fast_mmap = false; 127 128 uptr internal_mmap(void *addr, size_t length, int prot, int flags, 129 int fd, u64 offset) { 130 if (fd == -1) { 131 fd = VM_MAKE_TAG(VM_MEMORY_SANITIZER); 132 if (length >= kXnuFastMmapThreshold) { 133 if (use_xnu_fast_mmap) fd |= kXnuFastMmapFd; 134 } 135 } 136 if (&__mmap) return (uptr)__mmap(addr, length, prot, flags, fd, offset); 137 return (uptr)mmap(addr, length, prot, flags, fd, offset); 138 } 139 140 uptr internal_munmap(void *addr, uptr length) { 141 if (&__munmap) return __munmap(addr, length); 142 return munmap(addr, length); 143 } 144 145 uptr internal_mremap(void *old_address, uptr old_size, uptr new_size, int flags, 146 void *new_address) { 147 CHECK(false && "internal_mremap is unimplemented on Mac"); 148 return 0; 149 } 150 151 int internal_mprotect(void *addr, uptr length, int prot) { 152 return mprotect(addr, length, prot); 153 } 154 155 int internal_madvise(uptr addr, uptr length, int advice) { 156 return madvise((void *)addr, length, advice); 157 } 158 159 uptr internal_close(fd_t fd) { 160 return close(fd); 161 } 162 163 uptr internal_open(const char *filename, int flags) { 164 return open(filename, flags); 165 } 166 167 uptr internal_open(const char *filename, int flags, u32 mode) { 168 return open(filename, flags, mode); 169 } 170 171 uptr internal_read(fd_t fd, void *buf, uptr count) { 172 return read(fd, buf, count); 173 } 174 175 uptr internal_write(fd_t fd, const void *buf, uptr count) { 176 return write(fd, buf, count); 177 } 178 179 uptr internal_stat(const char *path, void *buf) { 180 return stat(path, (struct stat *)buf); 181 } 182 183 uptr internal_lstat(const char *path, void *buf) { 184 return lstat(path, (struct stat *)buf); 185 } 186 187 uptr internal_fstat(fd_t fd, void *buf) { 188 return fstat(fd, (struct stat *)buf); 189 } 190 191 uptr internal_filesize(fd_t fd) { 192 struct stat st; 193 if (internal_fstat(fd, &st)) 194 return -1; 195 return (uptr)st.st_size; 196 } 197 198 uptr internal_dup(int oldfd) { 199 return dup(oldfd); 200 } 201 202 uptr internal_dup2(int oldfd, int newfd) { 203 return dup2(oldfd, newfd); 204 } 205 206 uptr internal_readlink(const char *path, char *buf, uptr bufsize) { 207 return readlink(path, buf, bufsize); 208 } 209 210 uptr internal_unlink(const char *path) { 211 return unlink(path); 212 } 213 214 uptr internal_sched_yield() { 215 return sched_yield(); 216 } 217 218 void internal__exit(int exitcode) { 219 _exit(exitcode); 220 } 221 222 void internal_usleep(u64 useconds) { usleep(useconds); } 223 224 uptr internal_getpid() { 225 return getpid(); 226 } 227 228 int internal_dlinfo(void *handle, int request, void *p) { 229 UNIMPLEMENTED(); 230 } 231 232 int internal_sigaction(int signum, const void *act, void *oldact) { 233 return sigaction(signum, 234 (const struct sigaction *)act, (struct sigaction *)oldact); 235 } 236 237 void internal_sigfillset(__sanitizer_sigset_t *set) { sigfillset(set); } 238 239 uptr internal_sigprocmask(int how, __sanitizer_sigset_t *set, 240 __sanitizer_sigset_t *oldset) { 241 // Don't use sigprocmask here, because it affects all threads. 242 return pthread_sigmask(how, set, oldset); 243 } 244 245 // Doesn't call pthread_atfork() handlers (but not available on 10.6). 246 extern "C" pid_t __fork(void) SANITIZER_WEAK_ATTRIBUTE; 247 248 int internal_fork() { 249 if (&__fork) 250 return __fork(); 251 return fork(); 252 } 253 254 int internal_sysctl(const int *name, unsigned int namelen, void *oldp, 255 uptr *oldlenp, const void *newp, uptr newlen) { 256 return sysctl(const_cast<int *>(name), namelen, oldp, (size_t *)oldlenp, 257 const_cast<void *>(newp), (size_t)newlen); 258 } 259 260 int internal_sysctlbyname(const char *sname, void *oldp, uptr *oldlenp, 261 const void *newp, uptr newlen) { 262 return sysctlbyname(sname, oldp, (size_t *)oldlenp, const_cast<void *>(newp), 263 (size_t)newlen); 264 } 265 266 static fd_t internal_spawn_impl(const char *argv[], const char *envp[], 267 pid_t *pid) { 268 fd_t master_fd = kInvalidFd; 269 fd_t slave_fd = kInvalidFd; 270 271 auto fd_closer = at_scope_exit([&] { 272 internal_close(master_fd); 273 internal_close(slave_fd); 274 }); 275 276 // We need a new pseudoterminal to avoid buffering problems. The 'atos' tool 277 // in particular detects when it's talking to a pipe and forgets to flush the 278 // output stream after sending a response. 279 master_fd = posix_openpt(O_RDWR); 280 if (master_fd == kInvalidFd) return kInvalidFd; 281 282 int res = grantpt(master_fd) || unlockpt(master_fd); 283 if (res != 0) return kInvalidFd; 284 285 // Use TIOCPTYGNAME instead of ptsname() to avoid threading problems. 286 char slave_pty_name[128]; 287 res = ioctl(master_fd, TIOCPTYGNAME, slave_pty_name); 288 if (res == -1) return kInvalidFd; 289 290 slave_fd = internal_open(slave_pty_name, O_RDWR); 291 if (slave_fd == kInvalidFd) return kInvalidFd; 292 293 // File descriptor actions 294 posix_spawn_file_actions_t acts; 295 res = posix_spawn_file_actions_init(&acts); 296 if (res != 0) return kInvalidFd; 297 298 auto acts_cleanup = at_scope_exit([&] { 299 posix_spawn_file_actions_destroy(&acts); 300 }); 301 302 res = posix_spawn_file_actions_adddup2(&acts, slave_fd, STDIN_FILENO) || 303 posix_spawn_file_actions_adddup2(&acts, slave_fd, STDOUT_FILENO) || 304 posix_spawn_file_actions_addclose(&acts, slave_fd); 305 if (res != 0) return kInvalidFd; 306 307 // Spawn attributes 308 posix_spawnattr_t attrs; 309 res = posix_spawnattr_init(&attrs); 310 if (res != 0) return kInvalidFd; 311 312 auto attrs_cleanup = at_scope_exit([&] { 313 posix_spawnattr_destroy(&attrs); 314 }); 315 316 // In the spawned process, close all file descriptors that are not explicitly 317 // described by the file actions object. This is Darwin-specific extension. 318 res = posix_spawnattr_setflags(&attrs, POSIX_SPAWN_CLOEXEC_DEFAULT); 319 if (res != 0) return kInvalidFd; 320 321 // posix_spawn 322 char **argv_casted = const_cast<char **>(argv); 323 char **envp_casted = const_cast<char **>(envp); 324 res = posix_spawn(pid, argv[0], &acts, &attrs, argv_casted, envp_casted); 325 if (res != 0) return kInvalidFd; 326 327 // Disable echo in the new terminal, disable CR. 328 struct termios termflags; 329 tcgetattr(master_fd, &termflags); 330 termflags.c_oflag &= ~ONLCR; 331 termflags.c_lflag &= ~ECHO; 332 tcsetattr(master_fd, TCSANOW, &termflags); 333 334 // On success, do not close master_fd on scope exit. 335 fd_t fd = master_fd; 336 master_fd = kInvalidFd; 337 338 return fd; 339 } 340 341 fd_t internal_spawn(const char *argv[], const char *envp[], pid_t *pid) { 342 // The client program may close its stdin and/or stdout and/or stderr thus 343 // allowing open/posix_openpt to reuse file descriptors 0, 1 or 2. In this 344 // case the communication is broken if either the parent or the child tries to 345 // close or duplicate these descriptors. We temporarily reserve these 346 // descriptors here to prevent this. 347 fd_t low_fds[3]; 348 size_t count = 0; 349 350 for (; count < 3; count++) { 351 low_fds[count] = posix_openpt(O_RDWR); 352 if (low_fds[count] >= STDERR_FILENO) 353 break; 354 } 355 356 fd_t fd = internal_spawn_impl(argv, envp, pid); 357 358 for (; count > 0; count--) { 359 internal_close(low_fds[count]); 360 } 361 362 return fd; 363 } 364 365 uptr internal_rename(const char *oldpath, const char *newpath) { 366 return rename(oldpath, newpath); 367 } 368 369 uptr internal_ftruncate(fd_t fd, uptr size) { 370 return ftruncate(fd, size); 371 } 372 373 uptr internal_execve(const char *filename, char *const argv[], 374 char *const envp[]) { 375 return execve(filename, argv, envp); 376 } 377 378 uptr internal_waitpid(int pid, int *status, int options) { 379 return waitpid(pid, status, options); 380 } 381 382 // ----------------- sanitizer_common.h 383 bool FileExists(const char *filename) { 384 if (ShouldMockFailureToOpen(filename)) 385 return false; 386 struct stat st; 387 if (stat(filename, &st)) 388 return false; 389 // Sanity check: filename is a regular file. 390 return S_ISREG(st.st_mode); 391 } 392 393 tid_t GetTid() { 394 tid_t tid; 395 pthread_threadid_np(nullptr, &tid); 396 return tid; 397 } 398 399 void GetThreadStackTopAndBottom(bool at_initialization, uptr *stack_top, 400 uptr *stack_bottom) { 401 CHECK(stack_top); 402 CHECK(stack_bottom); 403 uptr stacksize = pthread_get_stacksize_np(pthread_self()); 404 // pthread_get_stacksize_np() returns an incorrect stack size for the main 405 // thread on Mavericks. See 406 // https://github.com/google/sanitizers/issues/261 407 if ((GetMacosAlignedVersion() >= MacosVersion(10, 9)) && at_initialization && 408 stacksize == (1 << 19)) { 409 struct rlimit rl; 410 CHECK_EQ(getrlimit(RLIMIT_STACK, &rl), 0); 411 // Most often rl.rlim_cur will be the desired 8M. 412 if (rl.rlim_cur < kMaxThreadStackSize) { 413 stacksize = rl.rlim_cur; 414 } else { 415 stacksize = kMaxThreadStackSize; 416 } 417 } 418 void *stackaddr = pthread_get_stackaddr_np(pthread_self()); 419 *stack_top = (uptr)stackaddr; 420 *stack_bottom = *stack_top - stacksize; 421 } 422 423 char **GetEnviron() { 424 #if !SANITIZER_IOS 425 char ***env_ptr = _NSGetEnviron(); 426 if (!env_ptr) { 427 Report("_NSGetEnviron() returned NULL. Please make sure __asan_init() is " 428 "called after libSystem_initializer().\n"); 429 CHECK(env_ptr); 430 } 431 char **environ = *env_ptr; 432 #endif 433 CHECK(environ); 434 return environ; 435 } 436 437 const char *GetEnv(const char *name) { 438 char **env = GetEnviron(); 439 uptr name_len = internal_strlen(name); 440 while (*env != 0) { 441 uptr len = internal_strlen(*env); 442 if (len > name_len) { 443 const char *p = *env; 444 if (!internal_memcmp(p, name, name_len) && 445 p[name_len] == '=') { // Match. 446 return *env + name_len + 1; // String starting after =. 447 } 448 } 449 env++; 450 } 451 return 0; 452 } 453 454 uptr ReadBinaryName(/*out*/char *buf, uptr buf_len) { 455 CHECK_LE(kMaxPathLength, buf_len); 456 457 // On OS X the executable path is saved to the stack by dyld. Reading it 458 // from there is much faster than calling dladdr, especially for large 459 // binaries with symbols. 460 InternalMmapVector<char> exe_path(kMaxPathLength); 461 uint32_t size = exe_path.size(); 462 if (_NSGetExecutablePath(exe_path.data(), &size) == 0 && 463 realpath(exe_path.data(), buf) != 0) { 464 return internal_strlen(buf); 465 } 466 return 0; 467 } 468 469 uptr ReadLongProcessName(/*out*/char *buf, uptr buf_len) { 470 return ReadBinaryName(buf, buf_len); 471 } 472 473 void ReExec() { 474 UNIMPLEMENTED(); 475 } 476 477 void CheckASLR() { 478 // Do nothing 479 } 480 481 void CheckMPROTECT() { 482 // Do nothing 483 } 484 485 uptr GetPageSize() { 486 return sysconf(_SC_PAGESIZE); 487 } 488 489 extern "C" unsigned malloc_num_zones; 490 extern "C" malloc_zone_t **malloc_zones; 491 malloc_zone_t sanitizer_zone; 492 493 // We need to make sure that sanitizer_zone is registered as malloc_zones[0]. If 494 // libmalloc tries to set up a different zone as malloc_zones[0], it will call 495 // mprotect(malloc_zones, ..., PROT_READ). This interceptor will catch that and 496 // make sure we are still the first (default) zone. 497 void MprotectMallocZones(void *addr, int prot) { 498 if (addr == malloc_zones && prot == PROT_READ) { 499 if (malloc_num_zones > 1 && malloc_zones[0] != &sanitizer_zone) { 500 for (unsigned i = 1; i < malloc_num_zones; i++) { 501 if (malloc_zones[i] == &sanitizer_zone) { 502 // Swap malloc_zones[0] and malloc_zones[i]. 503 malloc_zones[i] = malloc_zones[0]; 504 malloc_zones[0] = &sanitizer_zone; 505 break; 506 } 507 } 508 } 509 } 510 } 511 512 void FutexWait(atomic_uint32_t *p, u32 cmp) { 513 // FIXME: implement actual blocking. 514 sched_yield(); 515 } 516 517 void FutexWake(atomic_uint32_t *p, u32 count) {} 518 519 u64 NanoTime() { 520 timeval tv; 521 internal_memset(&tv, 0, sizeof(tv)); 522 gettimeofday(&tv, 0); 523 return (u64)tv.tv_sec * 1000*1000*1000 + tv.tv_usec * 1000; 524 } 525 526 // This needs to be called during initialization to avoid being racy. 527 u64 MonotonicNanoTime() { 528 static mach_timebase_info_data_t timebase_info; 529 if (timebase_info.denom == 0) mach_timebase_info(&timebase_info); 530 return (mach_absolute_time() * timebase_info.numer) / timebase_info.denom; 531 } 532 533 uptr GetTlsSize() { 534 return 0; 535 } 536 537 void InitTlsSize() { 538 } 539 540 uptr TlsBaseAddr() { 541 uptr segbase = 0; 542 #if defined(__x86_64__) 543 asm("movq %%gs:0,%0" : "=r"(segbase)); 544 #elif defined(__i386__) 545 asm("movl %%gs:0,%0" : "=r"(segbase)); 546 #elif defined(__aarch64__) 547 asm("mrs %x0, tpidrro_el0" : "=r"(segbase)); 548 segbase &= 0x07ul; // clearing lower bits, cpu id stored there 549 #endif 550 return segbase; 551 } 552 553 // The size of the tls on darwin does not appear to be well documented, 554 // however the vm memory map suggests that it is 1024 uptrs in size, 555 // with a size of 0x2000 bytes on x86_64 and 0x1000 bytes on i386. 556 uptr TlsSize() { 557 #if defined(__x86_64__) || defined(__i386__) 558 return 1024 * sizeof(uptr); 559 #else 560 return 0; 561 #endif 562 } 563 564 void GetThreadStackAndTls(bool main, uptr *stk_addr, uptr *stk_size, 565 uptr *tls_addr, uptr *tls_size) { 566 #if !SANITIZER_GO 567 uptr stack_top, stack_bottom; 568 GetThreadStackTopAndBottom(main, &stack_top, &stack_bottom); 569 *stk_addr = stack_bottom; 570 *stk_size = stack_top - stack_bottom; 571 *tls_addr = TlsBaseAddr(); 572 *tls_size = TlsSize(); 573 #else 574 *stk_addr = 0; 575 *stk_size = 0; 576 *tls_addr = 0; 577 *tls_size = 0; 578 #endif 579 } 580 581 void ListOfModules::init() { 582 clearOrInit(); 583 MemoryMappingLayout memory_mapping(false); 584 memory_mapping.DumpListOfModules(&modules_); 585 } 586 587 void ListOfModules::fallbackInit() { clear(); } 588 589 static HandleSignalMode GetHandleSignalModeImpl(int signum) { 590 switch (signum) { 591 case SIGABRT: 592 return common_flags()->handle_abort; 593 case SIGILL: 594 return common_flags()->handle_sigill; 595 case SIGTRAP: 596 return common_flags()->handle_sigtrap; 597 case SIGFPE: 598 return common_flags()->handle_sigfpe; 599 case SIGSEGV: 600 return common_flags()->handle_segv; 601 case SIGBUS: 602 return common_flags()->handle_sigbus; 603 } 604 return kHandleSignalNo; 605 } 606 607 HandleSignalMode GetHandleSignalMode(int signum) { 608 // Handling fatal signals on watchOS and tvOS devices is disallowed. 609 if ((SANITIZER_WATCHOS || SANITIZER_TVOS) && !(SANITIZER_IOSSIM)) 610 return kHandleSignalNo; 611 HandleSignalMode result = GetHandleSignalModeImpl(signum); 612 if (result == kHandleSignalYes && !common_flags()->allow_user_segv_handler) 613 return kHandleSignalExclusive; 614 return result; 615 } 616 617 // Offset example: 618 // XNU 17 -- macOS 10.13 -- iOS 11 -- tvOS 11 -- watchOS 4 619 constexpr u16 GetOSMajorKernelOffset() { 620 if (TARGET_OS_OSX) return 4; 621 if (TARGET_OS_IOS || TARGET_OS_TV) return 6; 622 if (TARGET_OS_WATCH) return 13; 623 } 624 625 using VersStr = char[64]; 626 627 static uptr ApproximateOSVersionViaKernelVersion(VersStr vers) { 628 u16 kernel_major = GetDarwinKernelVersion().major; 629 u16 offset = GetOSMajorKernelOffset(); 630 CHECK_GE(kernel_major, offset); 631 u16 os_major = kernel_major - offset; 632 633 const char *format = "%d.0"; 634 if (TARGET_OS_OSX) { 635 if (os_major >= 16) { // macOS 11+ 636 os_major -= 5; 637 } else { // macOS 10.15 and below 638 format = "10.%d"; 639 } 640 } 641 return internal_snprintf(vers, sizeof(VersStr), format, os_major); 642 } 643 644 static void GetOSVersion(VersStr vers) { 645 uptr len = sizeof(VersStr); 646 if (SANITIZER_IOSSIM) { 647 const char *vers_env = GetEnv("SIMULATOR_RUNTIME_VERSION"); 648 if (!vers_env) { 649 Report("ERROR: Running in simulator but SIMULATOR_RUNTIME_VERSION env " 650 "var is not set.\n"); 651 Die(); 652 } 653 len = internal_strlcpy(vers, vers_env, len); 654 } else { 655 int res = 656 internal_sysctlbyname("kern.osproductversion", vers, &len, nullptr, 0); 657 658 // XNU 17 (macOS 10.13) and below do not provide the sysctl 659 // `kern.osproductversion` entry (res != 0). 660 bool no_os_version = res != 0; 661 662 // For launchd, sanitizer initialization runs before sysctl is setup 663 // (res == 0 && len != strlen(vers), vers is not a valid version). However, 664 // the kernel version `kern.osrelease` is available. 665 bool launchd = (res == 0 && internal_strlen(vers) < 3); 666 if (launchd) CHECK_EQ(internal_getpid(), 1); 667 668 if (no_os_version || launchd) { 669 len = ApproximateOSVersionViaKernelVersion(vers); 670 } 671 } 672 CHECK_LT(len, sizeof(VersStr)); 673 } 674 675 void ParseVersion(const char *vers, u16 *major, u16 *minor) { 676 // Format: <major>.<minor>[.<patch>]\0 677 CHECK_GE(internal_strlen(vers), 3); 678 const char *p = vers; 679 *major = internal_simple_strtoll(p, &p, /*base=*/10); 680 CHECK_EQ(*p, '.'); 681 p += 1; 682 *minor = internal_simple_strtoll(p, &p, /*base=*/10); 683 } 684 685 // Aligned versions example: 686 // macOS 10.15 -- iOS 13 -- tvOS 13 -- watchOS 6 687 static void MapToMacos(u16 *major, u16 *minor) { 688 if (TARGET_OS_OSX) 689 return; 690 691 if (TARGET_OS_IOS || TARGET_OS_TV) 692 *major += 2; 693 else if (TARGET_OS_WATCH) 694 *major += 9; 695 else 696 UNREACHABLE("unsupported platform"); 697 698 if (*major >= 16) { // macOS 11+ 699 *major -= 5; 700 } else { // macOS 10.15 and below 701 *minor = *major; 702 *major = 10; 703 } 704 } 705 706 static MacosVersion GetMacosAlignedVersionInternal() { 707 VersStr vers = {}; 708 GetOSVersion(vers); 709 710 u16 major, minor; 711 ParseVersion(vers, &major, &minor); 712 MapToMacos(&major, &minor); 713 714 return MacosVersion(major, minor); 715 } 716 717 static_assert(sizeof(MacosVersion) == sizeof(atomic_uint32_t::Type), 718 "MacosVersion cache size"); 719 static atomic_uint32_t cached_macos_version; 720 721 MacosVersion GetMacosAlignedVersion() { 722 atomic_uint32_t::Type result = 723 atomic_load(&cached_macos_version, memory_order_acquire); 724 if (!result) { 725 MacosVersion version = GetMacosAlignedVersionInternal(); 726 result = *reinterpret_cast<atomic_uint32_t::Type *>(&version); 727 atomic_store(&cached_macos_version, result, memory_order_release); 728 } 729 return *reinterpret_cast<MacosVersion *>(&result); 730 } 731 732 DarwinKernelVersion GetDarwinKernelVersion() { 733 VersStr vers = {}; 734 uptr len = sizeof(VersStr); 735 int res = internal_sysctlbyname("kern.osrelease", vers, &len, nullptr, 0); 736 CHECK_EQ(res, 0); 737 CHECK_LT(len, sizeof(VersStr)); 738 739 u16 major, minor; 740 ParseVersion(vers, &major, &minor); 741 742 return DarwinKernelVersion(major, minor); 743 } 744 745 uptr GetRSS() { 746 struct task_basic_info info; 747 unsigned count = TASK_BASIC_INFO_COUNT; 748 kern_return_t result = 749 task_info(mach_task_self(), TASK_BASIC_INFO, (task_info_t)&info, &count); 750 if (UNLIKELY(result != KERN_SUCCESS)) { 751 Report("Cannot get task info. Error: %d\n", result); 752 Die(); 753 } 754 return info.resident_size; 755 } 756 757 void *internal_start_thread(void *(*func)(void *arg), void *arg) { 758 // Start the thread with signals blocked, otherwise it can steal user signals. 759 __sanitizer_sigset_t set, old; 760 internal_sigfillset(&set); 761 internal_sigprocmask(SIG_SETMASK, &set, &old); 762 pthread_t th; 763 pthread_create(&th, 0, func, arg); 764 internal_sigprocmask(SIG_SETMASK, &old, 0); 765 return th; 766 } 767 768 void internal_join_thread(void *th) { pthread_join((pthread_t)th, 0); } 769 770 #if !SANITIZER_GO 771 static Mutex syslog_lock; 772 # endif 773 774 void WriteOneLineToSyslog(const char *s) { 775 #if !SANITIZER_GO 776 syslog_lock.CheckLocked(); 777 if (GetMacosAlignedVersion() >= MacosVersion(10, 12)) { 778 os_log_error(OS_LOG_DEFAULT, "%{public}s", s); 779 } else { 780 asl_log(nullptr, nullptr, ASL_LEVEL_ERR, "%s", s); 781 } 782 #endif 783 } 784 785 // buffer to store crash report application information 786 static char crashreporter_info_buff[__sanitizer::kErrorMessageBufferSize] = {}; 787 static Mutex crashreporter_info_mutex; 788 789 extern "C" { 790 // Integrate with crash reporter libraries. 791 #if HAVE_CRASHREPORTERCLIENT_H 792 CRASH_REPORTER_CLIENT_HIDDEN 793 struct crashreporter_annotations_t gCRAnnotations 794 __attribute__((section("__DATA," CRASHREPORTER_ANNOTATIONS_SECTION))) = { 795 CRASHREPORTER_ANNOTATIONS_VERSION, 796 0, 797 0, 798 0, 799 0, 800 0, 801 0, 802 #if CRASHREPORTER_ANNOTATIONS_VERSION > 4 803 0, 804 #endif 805 }; 806 807 #else 808 // fall back to old crashreporter api 809 static const char *__crashreporter_info__ __attribute__((__used__)) = 810 &crashreporter_info_buff[0]; 811 asm(".desc ___crashreporter_info__, 0x10"); 812 #endif 813 814 } // extern "C" 815 816 static void CRAppendCrashLogMessage(const char *msg) { 817 Lock l(&crashreporter_info_mutex); 818 internal_strlcat(crashreporter_info_buff, msg, 819 sizeof(crashreporter_info_buff)); 820 #if HAVE_CRASHREPORTERCLIENT_H 821 (void)CRSetCrashLogMessage(crashreporter_info_buff); 822 #endif 823 } 824 825 void LogMessageOnPrintf(const char *str) { 826 // Log all printf output to CrashLog. 827 if (common_flags()->abort_on_error) 828 CRAppendCrashLogMessage(str); 829 } 830 831 void LogFullErrorReport(const char *buffer) { 832 #if !SANITIZER_GO 833 // Log with os_trace. This will make it into the crash log. 834 #if SANITIZER_OS_TRACE 835 if (GetMacosAlignedVersion() >= MacosVersion(10, 10)) { 836 // os_trace requires the message (format parameter) to be a string literal. 837 if (internal_strncmp(SanitizerToolName, "AddressSanitizer", 838 sizeof("AddressSanitizer") - 1) == 0) 839 os_trace("Address Sanitizer reported a failure."); 840 else if (internal_strncmp(SanitizerToolName, "UndefinedBehaviorSanitizer", 841 sizeof("UndefinedBehaviorSanitizer") - 1) == 0) 842 os_trace("Undefined Behavior Sanitizer reported a failure."); 843 else if (internal_strncmp(SanitizerToolName, "ThreadSanitizer", 844 sizeof("ThreadSanitizer") - 1) == 0) 845 os_trace("Thread Sanitizer reported a failure."); 846 else 847 os_trace("Sanitizer tool reported a failure."); 848 849 if (common_flags()->log_to_syslog) 850 os_trace("Consult syslog for more information."); 851 } 852 #endif 853 854 // Log to syslog. 855 // The logging on OS X may call pthread_create so we need the threading 856 // environment to be fully initialized. Also, this should never be called when 857 // holding the thread registry lock since that may result in a deadlock. If 858 // the reporting thread holds the thread registry mutex, and asl_log waits 859 // for GCD to dispatch a new thread, the process will deadlock, because the 860 // pthread_create wrapper needs to acquire the lock as well. 861 Lock l(&syslog_lock); 862 if (common_flags()->log_to_syslog) 863 WriteToSyslog(buffer); 864 865 // The report is added to CrashLog as part of logging all of Printf output. 866 #endif 867 } 868 869 SignalContext::WriteFlag SignalContext::GetWriteFlag() const { 870 #if defined(__x86_64__) || defined(__i386__) 871 ucontext_t *ucontext = static_cast<ucontext_t*>(context); 872 return ucontext->uc_mcontext->__es.__err & 2 /*T_PF_WRITE*/ ? WRITE : READ; 873 #else 874 return UNKNOWN; 875 #endif 876 } 877 878 bool SignalContext::IsTrueFaultingAddress() const { 879 auto si = static_cast<const siginfo_t *>(siginfo); 880 // "Real" SIGSEGV codes (e.g., SEGV_MAPERR, SEGV_MAPERR) are non-zero. 881 return si->si_signo == SIGSEGV && si->si_code != 0; 882 } 883 884 #if defined(__aarch64__) && defined(arm_thread_state64_get_sp) 885 #define AARCH64_GET_REG(r) \ 886 (uptr)ptrauth_strip( \ 887 (void *)arm_thread_state64_get_##r(ucontext->uc_mcontext->__ss), 0) 888 #else 889 #define AARCH64_GET_REG(r) ucontext->uc_mcontext->__ss.__##r 890 #endif 891 892 static void GetPcSpBp(void *context, uptr *pc, uptr *sp, uptr *bp) { 893 ucontext_t *ucontext = (ucontext_t*)context; 894 # if defined(__aarch64__) 895 *pc = AARCH64_GET_REG(pc); 896 # if defined(__IPHONE_8_0) && __IPHONE_OS_VERSION_MAX_ALLOWED >= __IPHONE_8_0 897 *bp = AARCH64_GET_REG(fp); 898 # else 899 *bp = AARCH64_GET_REG(lr); 900 # endif 901 *sp = AARCH64_GET_REG(sp); 902 # elif defined(__x86_64__) 903 *pc = ucontext->uc_mcontext->__ss.__rip; 904 *bp = ucontext->uc_mcontext->__ss.__rbp; 905 *sp = ucontext->uc_mcontext->__ss.__rsp; 906 # elif defined(__arm__) 907 *pc = ucontext->uc_mcontext->__ss.__pc; 908 *bp = ucontext->uc_mcontext->__ss.__r[7]; 909 *sp = ucontext->uc_mcontext->__ss.__sp; 910 # elif defined(__i386__) 911 *pc = ucontext->uc_mcontext->__ss.__eip; 912 *bp = ucontext->uc_mcontext->__ss.__ebp; 913 *sp = ucontext->uc_mcontext->__ss.__esp; 914 # else 915 # error "Unknown architecture" 916 # endif 917 } 918 919 void SignalContext::InitPcSpBp() { 920 addr = (uptr)ptrauth_strip((void *)addr, 0); 921 GetPcSpBp(context, &pc, &sp, &bp); 922 } 923 924 // ASan/TSan use mmap in a way that creates “deallocation gaps” which triggers 925 // EXC_GUARD exceptions on macOS 10.15+ (XNU 19.0+). 926 static void DisableMmapExcGuardExceptions() { 927 using task_exc_guard_behavior_t = uint32_t; 928 using task_set_exc_guard_behavior_t = 929 kern_return_t(task_t task, task_exc_guard_behavior_t behavior); 930 auto *set_behavior = (task_set_exc_guard_behavior_t *)dlsym( 931 RTLD_DEFAULT, "task_set_exc_guard_behavior"); 932 if (set_behavior == nullptr) return; 933 const task_exc_guard_behavior_t task_exc_guard_none = 0; 934 set_behavior(mach_task_self(), task_exc_guard_none); 935 } 936 937 void InitializePlatformEarly() { 938 // Only use xnu_fast_mmap when on x86_64 and the kernel supports it. 939 use_xnu_fast_mmap = 940 #if defined(__x86_64__) 941 GetDarwinKernelVersion() >= DarwinKernelVersion(17, 5); 942 #else 943 false; 944 #endif 945 if (GetDarwinKernelVersion() >= DarwinKernelVersion(19, 0)) 946 DisableMmapExcGuardExceptions(); 947 } 948 949 #if !SANITIZER_GO 950 static const char kDyldInsertLibraries[] = "DYLD_INSERT_LIBRARIES"; 951 LowLevelAllocator allocator_for_env; 952 953 // Change the value of the env var |name|, leaking the original value. 954 // If |name_value| is NULL, the variable is deleted from the environment, 955 // otherwise the corresponding "NAME=value" string is replaced with 956 // |name_value|. 957 void LeakyResetEnv(const char *name, const char *name_value) { 958 char **env = GetEnviron(); 959 uptr name_len = internal_strlen(name); 960 while (*env != 0) { 961 uptr len = internal_strlen(*env); 962 if (len > name_len) { 963 const char *p = *env; 964 if (!internal_memcmp(p, name, name_len) && p[name_len] == '=') { 965 // Match. 966 if (name_value) { 967 // Replace the old value with the new one. 968 *env = const_cast<char*>(name_value); 969 } else { 970 // Shift the subsequent pointers back. 971 char **del = env; 972 do { 973 del[0] = del[1]; 974 } while (*del++); 975 } 976 } 977 } 978 env++; 979 } 980 } 981 982 SANITIZER_WEAK_CXX_DEFAULT_IMPL 983 bool ReexecDisabled() { 984 return false; 985 } 986 987 static bool DyldNeedsEnvVariable() { 988 // If running on OS X 10.11+ or iOS 9.0+, dyld will interpose even if 989 // DYLD_INSERT_LIBRARIES is not set. 990 return GetMacosAlignedVersion() < MacosVersion(10, 11); 991 } 992 993 void MaybeReexec() { 994 // FIXME: This should really live in some "InitializePlatform" method. 995 MonotonicNanoTime(); 996 997 if (ReexecDisabled()) return; 998 999 // Make sure the dynamic runtime library is preloaded so that the 1000 // wrappers work. If it is not, set DYLD_INSERT_LIBRARIES and re-exec 1001 // ourselves. 1002 Dl_info info; 1003 RAW_CHECK(dladdr((void*)((uptr)&__sanitizer_report_error_summary), &info)); 1004 char *dyld_insert_libraries = 1005 const_cast<char*>(GetEnv(kDyldInsertLibraries)); 1006 uptr old_env_len = dyld_insert_libraries ? 1007 internal_strlen(dyld_insert_libraries) : 0; 1008 uptr fname_len = internal_strlen(info.dli_fname); 1009 const char *dylib_name = StripModuleName(info.dli_fname); 1010 uptr dylib_name_len = internal_strlen(dylib_name); 1011 1012 bool lib_is_in_env = dyld_insert_libraries && 1013 internal_strstr(dyld_insert_libraries, dylib_name); 1014 if (DyldNeedsEnvVariable() && !lib_is_in_env) { 1015 // DYLD_INSERT_LIBRARIES is not set or does not contain the runtime 1016 // library. 1017 InternalMmapVector<char> program_name(1024); 1018 uint32_t buf_size = program_name.size(); 1019 _NSGetExecutablePath(program_name.data(), &buf_size); 1020 char *new_env = const_cast<char*>(info.dli_fname); 1021 if (dyld_insert_libraries) { 1022 // Append the runtime dylib name to the existing value of 1023 // DYLD_INSERT_LIBRARIES. 1024 new_env = (char*)allocator_for_env.Allocate(old_env_len + fname_len + 2); 1025 internal_strncpy(new_env, dyld_insert_libraries, old_env_len); 1026 new_env[old_env_len] = ':'; 1027 // Copy fname_len and add a trailing zero. 1028 internal_strncpy(new_env + old_env_len + 1, info.dli_fname, 1029 fname_len + 1); 1030 // Ok to use setenv() since the wrappers don't depend on the value of 1031 // asan_inited. 1032 setenv(kDyldInsertLibraries, new_env, /*overwrite*/1); 1033 } else { 1034 // Set DYLD_INSERT_LIBRARIES equal to the runtime dylib name. 1035 setenv(kDyldInsertLibraries, info.dli_fname, /*overwrite*/0); 1036 } 1037 VReport(1, "exec()-ing the program with\n"); 1038 VReport(1, "%s=%s\n", kDyldInsertLibraries, new_env); 1039 VReport(1, "to enable wrappers.\n"); 1040 execv(program_name.data(), *_NSGetArgv()); 1041 1042 // We get here only if execv() failed. 1043 Report("ERROR: The process is launched without DYLD_INSERT_LIBRARIES, " 1044 "which is required for the sanitizer to work. We tried to set the " 1045 "environment variable and re-execute itself, but execv() failed, " 1046 "possibly because of sandbox restrictions. Make sure to launch the " 1047 "executable with:\n%s=%s\n", kDyldInsertLibraries, new_env); 1048 RAW_CHECK("execv failed" && 0); 1049 } 1050 1051 // Verify that interceptors really work. We'll use dlsym to locate 1052 // "pthread_create", if interceptors are working, it should really point to 1053 // "wrap_pthread_create" within our own dylib. 1054 Dl_info info_pthread_create; 1055 void *dlopen_addr = dlsym(RTLD_DEFAULT, "pthread_create"); 1056 RAW_CHECK(dladdr(dlopen_addr, &info_pthread_create)); 1057 if (internal_strcmp(info.dli_fname, info_pthread_create.dli_fname) != 0) { 1058 Report( 1059 "ERROR: Interceptors are not working. This may be because %s is " 1060 "loaded too late (e.g. via dlopen). Please launch the executable " 1061 "with:\n%s=%s\n", 1062 SanitizerToolName, kDyldInsertLibraries, info.dli_fname); 1063 RAW_CHECK("interceptors not installed" && 0); 1064 } 1065 1066 if (!lib_is_in_env) 1067 return; 1068 1069 if (!common_flags()->strip_env) 1070 return; 1071 1072 // DYLD_INSERT_LIBRARIES is set and contains the runtime library. Let's remove 1073 // the dylib from the environment variable, because interceptors are installed 1074 // and we don't want our children to inherit the variable. 1075 1076 uptr env_name_len = internal_strlen(kDyldInsertLibraries); 1077 // Allocate memory to hold the previous env var name, its value, the '=' 1078 // sign and the '\0' char. 1079 char *new_env = (char*)allocator_for_env.Allocate( 1080 old_env_len + 2 + env_name_len); 1081 RAW_CHECK(new_env); 1082 internal_memset(new_env, '\0', old_env_len + 2 + env_name_len); 1083 internal_strncpy(new_env, kDyldInsertLibraries, env_name_len); 1084 new_env[env_name_len] = '='; 1085 char *new_env_pos = new_env + env_name_len + 1; 1086 1087 // Iterate over colon-separated pieces of |dyld_insert_libraries|. 1088 char *piece_start = dyld_insert_libraries; 1089 char *piece_end = NULL; 1090 char *old_env_end = dyld_insert_libraries + old_env_len; 1091 do { 1092 if (piece_start[0] == ':') piece_start++; 1093 piece_end = internal_strchr(piece_start, ':'); 1094 if (!piece_end) piece_end = dyld_insert_libraries + old_env_len; 1095 if ((uptr)(piece_start - dyld_insert_libraries) > old_env_len) break; 1096 uptr piece_len = piece_end - piece_start; 1097 1098 char *filename_start = 1099 (char *)internal_memrchr(piece_start, '/', piece_len); 1100 uptr filename_len = piece_len; 1101 if (filename_start) { 1102 filename_start += 1; 1103 filename_len = piece_len - (filename_start - piece_start); 1104 } else { 1105 filename_start = piece_start; 1106 } 1107 1108 // If the current piece isn't the runtime library name, 1109 // append it to new_env. 1110 if ((dylib_name_len != filename_len) || 1111 (internal_memcmp(filename_start, dylib_name, dylib_name_len) != 0)) { 1112 if (new_env_pos != new_env + env_name_len + 1) { 1113 new_env_pos[0] = ':'; 1114 new_env_pos++; 1115 } 1116 internal_strncpy(new_env_pos, piece_start, piece_len); 1117 new_env_pos += piece_len; 1118 } 1119 // Move on to the next piece. 1120 piece_start = piece_end; 1121 } while (piece_start < old_env_end); 1122 1123 // Can't use setenv() here, because it requires the allocator to be 1124 // initialized. 1125 // FIXME: instead of filtering DYLD_INSERT_LIBRARIES here, do it in 1126 // a separate function called after InitializeAllocator(). 1127 if (new_env_pos == new_env + env_name_len + 1) new_env = NULL; 1128 LeakyResetEnv(kDyldInsertLibraries, new_env); 1129 } 1130 #endif // SANITIZER_GO 1131 1132 char **GetArgv() { 1133 return *_NSGetArgv(); 1134 } 1135 1136 #if SANITIZER_IOS && !SANITIZER_IOSSIM 1137 // The task_vm_info struct is normally provided by the macOS SDK, but we need 1138 // fields only available in 10.12+. Declare the struct manually to be able to 1139 // build against older SDKs. 1140 struct __sanitizer_task_vm_info { 1141 mach_vm_size_t virtual_size; 1142 integer_t region_count; 1143 integer_t page_size; 1144 mach_vm_size_t resident_size; 1145 mach_vm_size_t resident_size_peak; 1146 mach_vm_size_t device; 1147 mach_vm_size_t device_peak; 1148 mach_vm_size_t internal; 1149 mach_vm_size_t internal_peak; 1150 mach_vm_size_t external; 1151 mach_vm_size_t external_peak; 1152 mach_vm_size_t reusable; 1153 mach_vm_size_t reusable_peak; 1154 mach_vm_size_t purgeable_volatile_pmap; 1155 mach_vm_size_t purgeable_volatile_resident; 1156 mach_vm_size_t purgeable_volatile_virtual; 1157 mach_vm_size_t compressed; 1158 mach_vm_size_t compressed_peak; 1159 mach_vm_size_t compressed_lifetime; 1160 mach_vm_size_t phys_footprint; 1161 mach_vm_address_t min_address; 1162 mach_vm_address_t max_address; 1163 }; 1164 #define __SANITIZER_TASK_VM_INFO_COUNT ((mach_msg_type_number_t) \ 1165 (sizeof(__sanitizer_task_vm_info) / sizeof(natural_t))) 1166 1167 static uptr GetTaskInfoMaxAddress() { 1168 __sanitizer_task_vm_info vm_info = {} /* zero initialize */; 1169 mach_msg_type_number_t count = __SANITIZER_TASK_VM_INFO_COUNT; 1170 int err = task_info(mach_task_self(), TASK_VM_INFO, (int *)&vm_info, &count); 1171 return err ? 0 : vm_info.max_address; 1172 } 1173 1174 uptr GetMaxUserVirtualAddress() { 1175 static uptr max_vm = GetTaskInfoMaxAddress(); 1176 if (max_vm != 0) { 1177 const uptr ret_value = max_vm - 1; 1178 CHECK_LE(ret_value, SANITIZER_MMAP_RANGE_SIZE); 1179 return ret_value; 1180 } 1181 1182 // xnu cannot provide vm address limit 1183 # if SANITIZER_WORDSIZE == 32 1184 constexpr uptr fallback_max_vm = 0xffe00000 - 1; 1185 # else 1186 constexpr uptr fallback_max_vm = 0x200000000 - 1; 1187 # endif 1188 static_assert(fallback_max_vm <= SANITIZER_MMAP_RANGE_SIZE, 1189 "Max virtual address must be less than mmap range size."); 1190 return fallback_max_vm; 1191 } 1192 1193 #else // !SANITIZER_IOS 1194 1195 uptr GetMaxUserVirtualAddress() { 1196 # if SANITIZER_WORDSIZE == 64 1197 constexpr uptr max_vm = (1ULL << 47) - 1; // 0x00007fffffffffffUL; 1198 # else // SANITIZER_WORDSIZE == 32 1199 static_assert(SANITIZER_WORDSIZE == 32, "Wrong wordsize"); 1200 constexpr uptr max_vm = (1ULL << 32) - 1; // 0xffffffff; 1201 # endif 1202 static_assert(max_vm <= SANITIZER_MMAP_RANGE_SIZE, 1203 "Max virtual address must be less than mmap range size."); 1204 return max_vm; 1205 } 1206 #endif 1207 1208 uptr GetMaxVirtualAddress() { 1209 return GetMaxUserVirtualAddress(); 1210 } 1211 1212 uptr MapDynamicShadow(uptr shadow_size_bytes, uptr shadow_scale, 1213 uptr min_shadow_base_alignment, uptr &high_mem_end) { 1214 const uptr granularity = GetMmapGranularity(); 1215 const uptr alignment = 1216 Max<uptr>(granularity << shadow_scale, 1ULL << min_shadow_base_alignment); 1217 const uptr left_padding = 1218 Max<uptr>(granularity, 1ULL << min_shadow_base_alignment); 1219 1220 uptr space_size = shadow_size_bytes + left_padding; 1221 1222 uptr largest_gap_found = 0; 1223 uptr max_occupied_addr = 0; 1224 VReport(2, "FindDynamicShadowStart, space_size = %p\n", space_size); 1225 uptr shadow_start = 1226 FindAvailableMemoryRange(space_size, alignment, granularity, 1227 &largest_gap_found, &max_occupied_addr); 1228 // If the shadow doesn't fit, restrict the address space to make it fit. 1229 if (shadow_start == 0) { 1230 VReport( 1231 2, 1232 "Shadow doesn't fit, largest_gap_found = %p, max_occupied_addr = %p\n", 1233 largest_gap_found, max_occupied_addr); 1234 uptr new_max_vm = RoundDownTo(largest_gap_found << shadow_scale, alignment); 1235 if (new_max_vm < max_occupied_addr) { 1236 Report("Unable to find a memory range for dynamic shadow.\n"); 1237 Report( 1238 "space_size = %p, largest_gap_found = %p, max_occupied_addr = %p, " 1239 "new_max_vm = %p\n", 1240 space_size, largest_gap_found, max_occupied_addr, new_max_vm); 1241 CHECK(0 && "cannot place shadow"); 1242 } 1243 RestrictMemoryToMaxAddress(new_max_vm); 1244 high_mem_end = new_max_vm - 1; 1245 space_size = (high_mem_end >> shadow_scale) + left_padding; 1246 VReport(2, "FindDynamicShadowStart, space_size = %p\n", space_size); 1247 shadow_start = FindAvailableMemoryRange(space_size, alignment, granularity, 1248 nullptr, nullptr); 1249 if (shadow_start == 0) { 1250 Report("Unable to find a memory range after restricting VM.\n"); 1251 CHECK(0 && "cannot place shadow after restricting vm"); 1252 } 1253 } 1254 CHECK_NE((uptr)0, shadow_start); 1255 CHECK(IsAligned(shadow_start, alignment)); 1256 return shadow_start; 1257 } 1258 1259 uptr MapDynamicShadowAndAliases(uptr shadow_size, uptr alias_size, 1260 uptr num_aliases, uptr ring_buffer_size) { 1261 CHECK(false && "HWASan aliasing is unimplemented on Mac"); 1262 return 0; 1263 } 1264 1265 uptr FindAvailableMemoryRange(uptr size, uptr alignment, uptr left_padding, 1266 uptr *largest_gap_found, 1267 uptr *max_occupied_addr) { 1268 typedef vm_region_submap_short_info_data_64_t RegionInfo; 1269 enum { kRegionInfoSize = VM_REGION_SUBMAP_SHORT_INFO_COUNT_64 }; 1270 // Start searching for available memory region past PAGEZERO, which is 1271 // 4KB on 32-bit and 4GB on 64-bit. 1272 mach_vm_address_t start_address = 1273 (SANITIZER_WORDSIZE == 32) ? 0x000000001000 : 0x000100000000; 1274 1275 mach_vm_address_t address = start_address; 1276 mach_vm_address_t free_begin = start_address; 1277 kern_return_t kr = KERN_SUCCESS; 1278 if (largest_gap_found) *largest_gap_found = 0; 1279 if (max_occupied_addr) *max_occupied_addr = 0; 1280 while (kr == KERN_SUCCESS) { 1281 mach_vm_size_t vmsize = 0; 1282 natural_t depth = 0; 1283 RegionInfo vminfo; 1284 mach_msg_type_number_t count = kRegionInfoSize; 1285 kr = mach_vm_region_recurse(mach_task_self(), &address, &vmsize, &depth, 1286 (vm_region_info_t)&vminfo, &count); 1287 if (kr == KERN_INVALID_ADDRESS) { 1288 // No more regions beyond "address", consider the gap at the end of VM. 1289 address = GetMaxVirtualAddress() + 1; 1290 vmsize = 0; 1291 } else { 1292 if (max_occupied_addr) *max_occupied_addr = address + vmsize; 1293 } 1294 if (free_begin != address) { 1295 // We found a free region [free_begin..address-1]. 1296 uptr gap_start = RoundUpTo((uptr)free_begin + left_padding, alignment); 1297 uptr gap_end = RoundDownTo((uptr)address, alignment); 1298 uptr gap_size = gap_end > gap_start ? gap_end - gap_start : 0; 1299 if (size < gap_size) { 1300 return gap_start; 1301 } 1302 1303 if (largest_gap_found && *largest_gap_found < gap_size) { 1304 *largest_gap_found = gap_size; 1305 } 1306 } 1307 // Move to the next region. 1308 address += vmsize; 1309 free_begin = address; 1310 } 1311 1312 // We looked at all free regions and could not find one large enough. 1313 return 0; 1314 } 1315 1316 // FIXME implement on this platform. 1317 void GetMemoryProfile(fill_profile_f cb, uptr *stats) {} 1318 1319 void SignalContext::DumpAllRegisters(void *context) { 1320 Report("Register values:\n"); 1321 1322 ucontext_t *ucontext = (ucontext_t*)context; 1323 # define DUMPREG64(r) \ 1324 Printf("%s = 0x%016llx ", #r, ucontext->uc_mcontext->__ss.__ ## r); 1325 # define DUMPREGA64(r) \ 1326 Printf(" %s = 0x%016llx ", #r, AARCH64_GET_REG(r)); 1327 # define DUMPREG32(r) \ 1328 Printf("%s = 0x%08x ", #r, ucontext->uc_mcontext->__ss.__ ## r); 1329 # define DUMPREG_(r) Printf(" "); DUMPREG(r); 1330 # define DUMPREG__(r) Printf(" "); DUMPREG(r); 1331 # define DUMPREG___(r) Printf(" "); DUMPREG(r); 1332 1333 # if defined(__x86_64__) 1334 # define DUMPREG(r) DUMPREG64(r) 1335 DUMPREG(rax); DUMPREG(rbx); DUMPREG(rcx); DUMPREG(rdx); Printf("\n"); 1336 DUMPREG(rdi); DUMPREG(rsi); DUMPREG(rbp); DUMPREG(rsp); Printf("\n"); 1337 DUMPREG_(r8); DUMPREG_(r9); DUMPREG(r10); DUMPREG(r11); Printf("\n"); 1338 DUMPREG(r12); DUMPREG(r13); DUMPREG(r14); DUMPREG(r15); Printf("\n"); 1339 # elif defined(__i386__) 1340 # define DUMPREG(r) DUMPREG32(r) 1341 DUMPREG(eax); DUMPREG(ebx); DUMPREG(ecx); DUMPREG(edx); Printf("\n"); 1342 DUMPREG(edi); DUMPREG(esi); DUMPREG(ebp); DUMPREG(esp); Printf("\n"); 1343 # elif defined(__aarch64__) 1344 # define DUMPREG(r) DUMPREG64(r) 1345 DUMPREG_(x[0]); DUMPREG_(x[1]); DUMPREG_(x[2]); DUMPREG_(x[3]); Printf("\n"); 1346 DUMPREG_(x[4]); DUMPREG_(x[5]); DUMPREG_(x[6]); DUMPREG_(x[7]); Printf("\n"); 1347 DUMPREG_(x[8]); DUMPREG_(x[9]); DUMPREG(x[10]); DUMPREG(x[11]); Printf("\n"); 1348 DUMPREG(x[12]); DUMPREG(x[13]); DUMPREG(x[14]); DUMPREG(x[15]); Printf("\n"); 1349 DUMPREG(x[16]); DUMPREG(x[17]); DUMPREG(x[18]); DUMPREG(x[19]); Printf("\n"); 1350 DUMPREG(x[20]); DUMPREG(x[21]); DUMPREG(x[22]); DUMPREG(x[23]); Printf("\n"); 1351 DUMPREG(x[24]); DUMPREG(x[25]); DUMPREG(x[26]); DUMPREG(x[27]); Printf("\n"); 1352 DUMPREG(x[28]); DUMPREGA64(fp); DUMPREGA64(lr); DUMPREGA64(sp); Printf("\n"); 1353 # elif defined(__arm__) 1354 # define DUMPREG(r) DUMPREG32(r) 1355 DUMPREG_(r[0]); DUMPREG_(r[1]); DUMPREG_(r[2]); DUMPREG_(r[3]); Printf("\n"); 1356 DUMPREG_(r[4]); DUMPREG_(r[5]); DUMPREG_(r[6]); DUMPREG_(r[7]); Printf("\n"); 1357 DUMPREG_(r[8]); DUMPREG_(r[9]); DUMPREG(r[10]); DUMPREG(r[11]); Printf("\n"); 1358 DUMPREG(r[12]); DUMPREG___(sp); DUMPREG___(lr); DUMPREG___(pc); Printf("\n"); 1359 # else 1360 # error "Unknown architecture" 1361 # endif 1362 1363 # undef DUMPREG64 1364 # undef DUMPREG32 1365 # undef DUMPREG_ 1366 # undef DUMPREG__ 1367 # undef DUMPREG___ 1368 # undef DUMPREG 1369 } 1370 1371 static inline bool CompareBaseAddress(const LoadedModule &a, 1372 const LoadedModule &b) { 1373 return a.base_address() < b.base_address(); 1374 } 1375 1376 void FormatUUID(char *out, uptr size, const u8 *uuid) { 1377 internal_snprintf(out, size, 1378 "<%02X%02X%02X%02X-%02X%02X-%02X%02X-%02X%02X-" 1379 "%02X%02X%02X%02X%02X%02X>", 1380 uuid[0], uuid[1], uuid[2], uuid[3], uuid[4], uuid[5], 1381 uuid[6], uuid[7], uuid[8], uuid[9], uuid[10], uuid[11], 1382 uuid[12], uuid[13], uuid[14], uuid[15]); 1383 } 1384 1385 void DumpProcessMap() { 1386 Printf("Process module map:\n"); 1387 MemoryMappingLayout memory_mapping(false); 1388 InternalMmapVector<LoadedModule> modules; 1389 modules.reserve(128); 1390 memory_mapping.DumpListOfModules(&modules); 1391 Sort(modules.data(), modules.size(), CompareBaseAddress); 1392 for (uptr i = 0; i < modules.size(); ++i) { 1393 char uuid_str[128]; 1394 FormatUUID(uuid_str, sizeof(uuid_str), modules[i].uuid()); 1395 Printf("0x%zx-0x%zx %s (%s) %s\n", modules[i].base_address(), 1396 modules[i].max_executable_address(), modules[i].full_name(), 1397 ModuleArchToString(modules[i].arch()), uuid_str); 1398 } 1399 Printf("End of module map.\n"); 1400 } 1401 1402 void CheckNoDeepBind(const char *filename, int flag) { 1403 // Do nothing. 1404 } 1405 1406 bool GetRandom(void *buffer, uptr length, bool blocking) { 1407 if (!buffer || !length || length > 256) 1408 return false; 1409 // arc4random never fails. 1410 REAL(arc4random_buf)(buffer, length); 1411 return true; 1412 } 1413 1414 u32 GetNumberOfCPUs() { 1415 return (u32)sysconf(_SC_NPROCESSORS_ONLN); 1416 } 1417 1418 void InitializePlatformCommonFlags(CommonFlags *cf) {} 1419 1420 } // namespace __sanitizer 1421 1422 #endif // SANITIZER_MAC 1423